ACCESS CONTROL FOR COMPUTERS



TECHNICAL FIELD 

The present invention relates to secure and trusted processing of programs and
applications on a computer. More particularly, the invention is related to a mechanism
for the identification of a program to another program.

BACKGROUND OF THE INVENTION 

Traditional computers and computer systems, particularly connected systems within a
defined network, are managed by systems administrators. The currently used access
control mechanisms have focused on separating the users from one another based upon
a security policy determined by the systems administrators. Some, primarily military,
systems have allowed finer-grained access control policies allowing separation of
different aspects of an individual user but the complexity of these systems made them
prohibitively expensive to administer. As a result, these system access control
mechanisms have not been widely adopted.

The access control schemes available in various databases and in Java offer
finer-grained control of data and objects but do not solve the general problem of
access control at the system level.

Most personal computers (PCs) cannot sufficiently solve the problem of security. PC
operating systems, including DOS, Windows, and MacOS, have been assaulted by a
barrage of viruses, Trojan horses, and other malicious software, also referred to as
malware. The release and use of such malware has been essentially a form of
vandalism and its danger grows with the use of the Internet.

If one uses such systems for economically meaningful transactions, there is far greater
benefit and hence incentive for an attacker. Thus, the need for security is essential,
whereby a call arises for an appropriate access control mechanism.




The form factor and usage characteristics of hand held devices, such as personal digital
assistants, also abbreviated as PDAs, make them extremely desirable for use in many
e-commerce applications. Unfortunately, current PDA operating systems do not offer
the needed security for e-commerce applications. The very fact that PDAs are powerful
and general purpose computing devices renders them vulnerable to attack. E-commerce
systems based upon PDAs are potentially vulnerable to an entire range of attacks which
also can endanger other included systems, e.g. smartcards.

Commonly, a system administrator must determine how much trust can be given to a
particular program and/or user. This determination includes considering the value of
the information resources on the system in deciding how much trust is required for a
program to be installed with privilege. It is a drawback that the system administrator
has to update the system and the privileges continuously.

US Patent No. 3,996,449 is related to an operating system authenticator for 
determining if an operating system being loaded in a computer is valid. A user's 
identification code or secret key which is unique to the operating system, and a verifier 
value which is a predetermined function of a valid operating system and the 
identification code are respectively stored. A hash function, which is a function of the 
operating system being loaded and the identification code, is generated by the 
authenticator. After the operating system is loaded, the hash function is used as an 
authenticating value and compared with the verifier value for determining the 
authenticity of the loaded operating system.

In US Patent No. 5,113,442 a method, and an operating system utilizing this method,
for controlling access rights among a plurality of users is described. Each user is
provided a user identification number which is prime and each secure object is
provided an access code which comprises a value that is a product of the user
identification numbers of all users having the same access rights to that secure object.
In response to a request by a user for access to a secure object, the access code for that
secure object is divided by the user identification number of the requesting user.
Access rights of the user to the requested secure object are determined based on
whether the result of the division yields a zero remainder.

GLOSSARY 

The following are informal definitions to aid in the understanding of the following 
description. 

Hash function is a computationally efficient function mapping binary strings of 
arbitrary length to binary strings of some fixed length. 

One-way hash function is a function which takes a variable-length message M or
some data and produces a fixed-length value, also referred to as hash or specific
identifier. Given the specific identifier, it is computationally infeasible to find a
message with that specific identifier; in fact one cannot determine any usable information
about the message M with that specific identifier. In other words, the time to create
such a specific identifier is substantially shorter than the time to reconstruct the
variable-length message out of the specific identifier. Moreover, the time to find two
identical specific identifiers is substantially longer than the time to create one specific
identifier.

Trusted computing base (TCB) indicates the totality of protection mechanisms
within a computer system, including hardware, firmware, and software, the
combination of which is responsible for enforcing a security policy.

OBJECT OF THE INVENTION

It is an object of the present invention to overcome the disadvantages of the prior art. 

It is another object of the present invention to provide a mechanism for a secure access
control of programs on a computer or on distributed systems.

It is still another object of the present invention to provide an access control
mechanism which does not require any system administrator.

It is a further object of the present invention to present an access control mechanism
which is unspoofable and therefore works in a secure manner.

It is yet another object of the present invention to provide a method and an apparatus
for verifying the identity of a program on a computer to another program on the same
or different computer.

SUMMARY AND ADVANTAGES OF THE INVENTION

The objects of the invention are achieved by the features stated in the enclosed 
independent claims. Further advantageous implementations and embodiments of the 
invention are set forth in the respective subclaims. 

The invention provides a general and flexible mechanism for a secure access control on
a computer or on distributed computers. When referring to a computer, any kind of
computer is meant that has a trusted computing base, also abbreviated as TCB. Such a
computer can be a member of a network and can support multiple secure domains or
applications.

The basic idea of the invention is that a computer uses cryptographic functions, i.e.
cryptographic checksums, also referred to as one-way-hash functions, to automatically
generate program-specific cryptographic identifiers or short program-specific
identifiers and form therewith the basis of an access control mechanism. These
program-specific identifiers can be regarded as names for the programs and are
obtained by applying a hash function to the programs. The output, the program-specific
identifier, also called hash value, is a substantially unique value for a specific program
that might be stored, cached, or derived on-the-fly. In general, the names are provided
by the trusted computing base or in more detail by an operating system. The
cryptographic function fulfills at least the following criteria. The time to create such a
specific identifier is substantially shorter than the time to reconstruct the program or
part thereof out of the specific identifier. Moreover, the time to find two identical
specific identifiers is substantially longer than the time to create one specific identifier.

The mechanism runs as follows. A message-originator program sends a message
including its derived name to a message-receiver program. The name is provided by the
operating system and might be added to the message during sending or transferring.
After receiving the message, it is verified whether the name is known to the
message-receiver program and/or the trusted computing base. By doing so, the message
that may include a special request can be accepted or rejected depending on the
verification. For a response to the message, the message-receiver program converts to a
so-called response-message-originator program, i.e. the message-receiver program
becomes a message-originator program, and sends a message-response with its specific
name.

A program is understood to be any kind of code or software which is able to run on a
computer, such as application programs, Java-based programs, or virtual machines.

The present mechanism shows several advantages, such as that it is not spoofable and is
easily implemented. The work of a system administrator becomes redundant, since the
names are created automatically by the trusted computing base. In general, the
trustworthiness of computers can be increased dramatically, making them safe and
reliable devices, since several domains or applications can run on the same computer
without being attackable by insecure programs.

By using the mechanism, uncontrolled and potentially insecure programs, such as
suspected and attacking programs, cannot take control over the computer or interfere
with sensitive programs and applications.

On the one hand, if a program-specific identifier, i.e. a program-specific name, is
known to the message-receiver program and a response-message is sent comprising an
acceptation or acknowledgment and a response-program-specific identifier that, on the
other hand, is known to the message-originator program, then the advantage occurs that
both programs can trust each other, whereby the message-receiver program is then
willing to inter-operate with the message-originator program. A trusted communication
between both programs can be set up easily.

Such a mentioned program-specific identifier is derivable by applying a first hash
function to the message-originator program and a response-program-specific identifier
is derivable by applying a second hash function to the message-receiver program. This
proves advantageous because, in general, various hash functions can be applied to
create a program-specific identifier and thus the mechanism is not restricted to a
special type of hash function. The only assumption is that the program-specific
identifier should be known to the message-receiver program in order to set up
communication.

Nevertheless, the applied hash functions can be also identical, whereby a one-way-hash
function, such as MD5 or SHA-1, is applicable. Such hash functions are well known,
work reliably, and can be processed, i.e. applied to a program, in the millisecond time
scale, without any remarkable effect to the user or the computing time in general.

A hash-function generator should be implemented into the trusted computing base,
such that the program-specific identifiers are derived and provided by this trusted
computing base automatically. Based on the underlying security policy, the trusted
computing base cannot be circumvented or undermined by an attacker.

It is advantageous if the program-specific identifier and/or the message is signed by use
of a private cryptographic key. By doing so, mutual trust between different programs
can be established and set up easily. Moreover, arbitrary trust relationships can be
created, whereby it is particularly advantageous that the user has nothing to configure.

It is also advantageous if an additional program-specific identifier which is signed by
the private cryptographic key is sent within the message, because the message-receiver
program becomes securely manageable by developers whereby additional trusted
programs can be installed and therewith trusted domains or applications can be set up
easily. In other words, different programs which come from the same developer trust
each other and can create mutual trust relationships.

The message-receiver program and/or the trusted computing base might have a public
cryptographic key with which the response can be signed. This implies that if the
message-originator program, that means the requesting program, has been written
correctly, the message-receiver program and/or the trusted computing base will
generate signatures only for documents that have been authorized by the user.

If program-specific identifiers are pre-stored in a list or a database, then a fast access to
these identifiers and therefore a fast verification can be provided. It is also
advantageous if trusted program-specific identifiers are delivered or installed within
the trusted computing base or when the computer is initialized for the very first time.

In the case that the program-specific identifier is not known to the message-receiver
program and/or the trusted computing base, the message or request is rejected, for
example by returning a zero to the message-originator program. This implies that the
message-originator program is not a trusted one and might be suspect or even
dangerous. For such programs a special domain can be created. But again, the positive
point is that such programs cannot interfere with others, that means, for example, trusted
programs, relevant documents, or private records on the computer.

DESCRIPTION OF THE DRAWINGS

The invention is described in detail below with reference to the accompanying 
schematic drawings, wherein: 

FIG. 1 shows a block diagram of a computer system;

FIG. 2 shows a schematic illustration of an exchange of messages according to
the present invention;

FIG. 3 shows a schematic illustration of a purchase scenario using a key;

FIG. 4a shows a schematic illustration of a file system object with access control
using a hash;

FIG. 4b shows the file system object of FIG. 4a for dynamic setup using digital
signatures; and

FIG. 5 shows a schematic illustration of an embodiment using a helper
application to set up mutual trust relationships.

All the figures are for the sake of clarity not shown in real dimensions, nor are the
relations between the dimensions shown in a realistic scale.

DESCRIPTION OF PREFERRED EMBODIMENTS

With general reference to the figures and with special reference to Fig. 1 the essential
features of an access control mechanism for computers using cryptographic functions are
described in more detail below. At first, some general points are addressed.

Hash function

A hash function is a computationally efficient function mapping binary strings of
arbitrary length to binary strings of some fixed length.

One-way hash function

A one-way hash function is a function which takes a variable-length message and
produces a fixed-length hash or value. Thus: h = H(M), with H the one-way hash
function, M the message and h the hash value for message M. Given the hash h it is
computationally infeasible to find a message M with that hash; in fact one cannot
determine any usable information about a message M with that hash. For some
one-way hash functions it is also computationally infeasible to determine two messages
which produce the same hash. Moreover, a one-way hash function can be private or
public, just like an encryption function. MD5, SHA-1, and Snefru are examples of
public one-way hash functions.

If such a one-way hash function is applied to a program E, which can be any program,
then the output, the hash value h, is a substantially unique value, also referred to as
program-specific identifier. This program-specific identifier can also be seen as a name
that is given to the specific program E. In other words, the program E, that can be
viewed as a byte stream E = {b0, b1, b2, ...}, can be associated with its substantially
unique name H(E). When the program E is run, it runs with the label H(E). Persistent
data created by the program E is accessible only to the program E and also bears the
name H(E).

Using for example the above mentioned one-way hash function SHA-1, the probability
to find two identical program-specific identifiers is approximately 1 to 2^80, and the
probability to find to a given program another program with the same program-specific
identifier is approximately 1 to

Trusted computing base (TCB)

Under trusted computing base, also abbreviated as TCB, is understood the totality of
protection mechanisms within a computer system, including hardware, firmware, and
software, the combination of which is responsible for enforcing a security policy. An
operating system is part of the trusted computing base. The security policy requests
that the trusted computing base cannot be circumvented or undermined, i.e. it is secure
against attacks.

The present access control mechanism can be used in general in computers and
computer systems. When referring to a computer, any kind of device is meant that can
be a member of a local network. Examples of devices are: laptop computers, workpads,
notepads, personal digital assistants (PDAs), notebook computers and other wearable
computers, desktop computers, computer terminals, networked computers, internet
terminals and other computing systems, set-top boxes, cash registers, bar code
scanners, point of sales terminals, kiosk systems, cellular phones, pagers, wrist
watches, digital watches, badges, smartcards, and other handheld and embedded
devices. Other devices considered include: headsets, Human Interface Device (HID)
compliant peripherals, data and voice access points, cameras, printers, fax machines,
keyboards, joysticks, kitchen appliances, tools, sensors such as smoke and/or fire
detectors, and virtually any other digital device.

Other examples of wearable computers that can be used in connection with the present
invention are personal effects being equipped with computer-like hardware, such as a
"smart wallet" computer, jewelry, or articles of clothing. In addition to a "smart wallet"
computer, there are a number of other variations of the wearable computers. A "belt"
computer is such a variation which allows the user to surf, dictate, and edit documents
while they are moving around. Yet another example is a children's computer which is
comparable to a personal digital assistant for grade-school children. The children's
computer might hold assignments, perform calculations, and help kids manage their
homework. It can interface with other children's computers to facilitate collaboration,
and it can access a teacher's computer to download assignments or feedback. Any
wearable or portable device, any office tool or equipment, home tool or equipment,
system for use in vehicles, or systems for use in the public (vending machines,
ticketing machines, automated teller machines, etc.) might be used in the context of the
present invention.

In order to aid in the understanding of the present invention, Fig. 1 shows a high-level
block diagram of a computer 2.

The computer 2 includes hardware components 4 such as one or more central
processing units (CPU) 6, a random access memory (RAM) 8, and an input/output
(I/O) interface 10. The computer 2 also includes an operating system 20. Various
peripheral devices are connected to the computer 2, such as secondary storage devices
12 (such as a hard drive), input devices 14 (such as keyboard, mouse, touch screen, a
microphone, or infrared- or RF receiver), display devices 16 (such as a monitor or an
LCD display), and output devices 18 (such as printers, or infrared- or RF transmitter).
Also a smartcard device could be coupled to the input/output devices 14, 18. A
plurality of programs 22, 24, 26 are executed in the computer 2. The programs 22, 24,
26 may be executed sequentially in the computer 2, but are preferably executed in parallel
in the computer system 2.

The hardware components 4 and the operating system 20 form a trusted computing
base TCB, which constitutes the basis for a secure and trusted computing. Into the
trusted computing base, a generator-module 21 for creating program-specific
identifiers is implemented. This generator-module 21 is basically a
cryptographic-function generator 21 that can be implemented in software as well as in
hardware. Since the generation of a hash value by applying a hash function, preferably
a one-way hash function as described above, is not time-consuming for a processor, the
cryptographic-function generator 21 might be implemented in the operating system 20
itself. Any cryptographic-function might be suitable that outputs a substantially unique
value.

The structure of the computer 2, as described with reference to Fig. 1, is to be seen as
the underlying device that can be used in the following embodiments.

Still referring to Fig. 2, which shows a high-level schematic illustration of an exchange
of messages. Some basics are explained in the following. A message-originator
program D wants to communicate with another program, here a message-receiver
program S. The message-receiver program S knows one or more program-specific
identifiers. These identifiers could be pre-stored or cached and might be also known to
the operating system 20. At first, the message-originator program D sends a request m
within a message to the message-receiver program S. Thereby, the generator-module
21 as part of the operating system 20 derives a program-specific identifier H(D) from
the message-originator program D and adds this program-specific identifier H(D) to the
message, as indicated by the arrow labeled with H(D), m.

In general, the operating system 20 adds to all requests sent by a message-originator
program to a message-receiver program the respective program-specific identifier of
the message-originator program which then can be verified or identified by the
message-receiver program.

For simplification reasons, the generator-module 21 is not shown in Fig. 2. The
program-specific identifier H(D) can also be pre-stored from the message-originator
program D. After receiving the message including the program-specific identifier H(D)
and the request m, the message-receiver program S tries to extract the program-specific
identifier H(D) and verifies it with its known identifiers. If the program-specific
identifier H(D) is known to the message-receiver program S, whereby this is here
indicated by H(D) in box S, the message-receiver program S would accept further
communication with the message-originator program D. For that, the message-receiver
program S sends a response-message comprising a response n and its program-specific
identifier H(S), also referred to as response-program-specific identifier H(S), to the
message-originator program D, as indicated by the arrow from box S to box D. The
response-program-specific identifier H(S) is thereby also provided by the operating
system 20. Since the message-originator program D and the message-receiver program
S can be executed on different computers or systems which are connectable via a
network, each program D, S can have its trusted computing base that provides program
specific identifiers. A connection to the network is provided by means known in the
art, such as wire, infrared, RF, et cetera.

In the following, the various exemplary embodiments of the invention are described. 

Fig. 3 shows a schematic illustration of a purchase scenario using a key. Based on the
trusted computing base and therewith on the operating system 20, several programs
or applications run in compartments, here called browse B, display D and sign S.
The underlying conception of this embodiment is that anyone should be able to ask for
something. Since display D and sign S run in a secure compartment and thus are
trustworthy whilst browse B is not, browse B or any other program can send a request
to display D.

For example, when a signature is needed, a document is passed to the secure
compartments display D and sign S for display, authorization, and signature
generation. The security of the scheme is dependent only upon the sign S and display D
compartment and its ability to display information to the user, and the sign
compartment's ability to accept requests from display D. Only sign S needs access to a
signing key k, as indicated in box S.



The display D compartment's ability to display data to a user has two primary
assumptions: that the compartment can obtain a resource lock on the display D and that
the data itself has a single well defined meaning. The ability to lock the display D is
useful to diminish the threat of Trojan Horses. The granting of exclusive locks on
system resources allows malicious code to either soft or hard lock the system thereby
staging a denial of service attack. Assuming that all system locks can be forced to be
soft locks, this threat is not interesting. It is thus the case that the primary issue is that
the system should be able to lock a sufficient number of resources. These resources
include the display, touch screen, various other I/O devices, memory pages, et cetera.

Sign S should be able to protect and manage its key k and to ensure that a request to 
sign a document came from browse B. Protecting and managing these data means that 
they should only be accessible to other compartments through sign's external interfaces.
This implies certain low level properties of the system: the system should not allow 
raw access to memory, the integrity of messages (IPC) should be maintained, and 
access to system resources does not use the complete privileges. 

By using the above described scheme of generating program-specific identifiers for 
each compartment, a naming system is provided so that there is a well defined 
difference between compartments. 



It is assumed that a user wants to select and purchase an item. The item can be selected
using browse B, that is a browser, as that of WAP (Wireless Applications Protocol),
running on a PDA (personal digital assistant) that may be based on the computer as
indicated with reference to Fig. 1. A browser is an extremely sophisticated piece of
software that acts upon complex data supplied by untrusted users. It is possible,
however, for the browser B to generate a request which is handed to display D and sign
S for terms of payment authorization. For that, the browser B sends a request m to sign
a document within a message to display D, whereby the operating system 20 attaches to
the request m the program-specific identifier H(B) of browser B. This is indicated by
the arrow labeled with H(B), m.



Display D, that is compared to browse B a small piece of software, forwards the
request m with its program-specific identifier H(D), as indicated by the arrow labeled
with H(D), m. The sign compartment, sign S, that might be a smartcard, verifies the
received message with its known program-specific identifiers. When the
program-specific identifier H(D) is known to sign S, whereby this is here indicated by
H(D) in box S, the request m is accepted. Moreover, if display D has been written
correctly, sign S generates signatures only for documents that have been authorized by
the user.



A signature on the request m under the key k is denoted as k m. Sign S signs the
request m and sends it together with its program-specific identifier to display D. This is
indicated by the arrow labeled with H(S), k m. Further, display D passes the signed
request with its program-specific identifier to browse B, as indicated by the arrow
labeled with H(D), k m.



Fig. 4a shows a schematic illustration of a file system object with access control using
a hash. Naturally, there is a need for different applications, hereafter also referred to as
objects, to share data. Fig. 4a indicates persistent objects, namely object A, object F
and object G, whereby object A and object G are connected to object F, that is a trusted
object. Moreover, object F has an access control list 40 with entries for object A only.
The object F receives two read requests r(n1) and r(n2), both accompanied by the
respective program-specific identifier H(A) and H(G), as it is indicated by the arrows
labeled with H(A), r(n1) and H(G), r(n2) towards object F, respectively. The first request
r(n1) comes from object A, which appears in object F's access control list 40. This is
granted, whereby d1 is returned by object F as indicated by the arrow labeled with
H(F), d1. The second request r(n2) comes from object G, which does not appear in
object F's access control list 40. Thus, the second request r(n2) is denied, whereby a
null is returned as indicated by the arrow labeled with H(F), 0. Different access control
lists could be kept for read and write privileges.

More complex objects F with rich method sets can use the same type of construction to
implement desired access control policies in generality.

While Fig. 4a illustrates a static setup which does not allow to update the collection of
trusted objects, Fig. 4b shows, based on the configuration of Fig. 4a, a file system
object for dynamic setup.

The configuration of Fig. 4a can be updated using digital signatures. Therefore, object
F has a public key k, as indicated in box F. Object F and object G are based on a first
operating system 42, whilst a helper application, also referred to as object C, is based on a
second operating system 44, which are connected by a channel 46 as it is known in the
art. The first operating system 42 runs at a user whereas the second operating
system 44 runs at a developer or a trusted entity. Object C is used to deliver k⁻¹ H(G),
whereby k⁻¹ is a private key, to object F which verifies the validity of the signature and
adds the program-specific identifier H(G) of the object G to its access control list 40.
Access requests such as H(G), r(n1) from object G to object F will now be granted by
object F, that returns H(F), d1, as indicated by the respective arrows.

The construction depends upon the fact that the bearer of a digital signature does not
need to be trusted so long as the signature is valid.
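
The Fig. 2, Fig. 4a and Fig. 4b flows in runnable form, as an added example that is not part of the original text: a stand-in TCB attaches H(sender) to each request, object F checks it against access control list 40, and a signed identifier extends the list. SHA-256 and Ed25519 are assumptions chosen here (the text names MD5 and SHA-1 and no signature scheme), and all type, function and handle names and the program images are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ID is a program-specific identifier H(E). SHA-256 is this example's choice;
// the text names MD5 and SHA-1, which are no longer collision resistant.
type ID [sha256.Size]byte

// Message is what a receiver sees: the sender's identifier, filled in by the
// TCB and never by the sending program, plus the request body.
type Message struct {
	From ID
	Body string
}

// TCB stands in for generator-module 21. The handle passed to Send models
// the TCB knowing which loaded image is making the call.
type TCB struct{ images map[string][]byte }

// Send hashes the sender's image and attaches H(sender) to the request, so
// a program cannot choose its own label.
func (t *TCB) Send(handle, body string) Message {
	return Message{From: sha256.Sum256(t.images[handle]), Body: body}
}

// Object models object F: data behind access control list 40, plus the
// public key k that authorizes additions to the list (Fig. 4b).
type Object struct {
	self ID
	acl  map[ID]bool
	k    ed25519.PublicKey
	data map[string]string
}

// Read answers a request r(n) with H(F) and the data, or with H(F) and an
// empty value (the text's null) when the sender is not on the list.
func (o *Object) Read(m Message) (ID, string) {
	if !o.acl[m.From] {
		return o.self, ""
	}
	return o.self, o.data[m.Body]
}

// Admit adds id to the list only if sig verifies over id under k. The
// bearer of the pair (helper object C) is not itself checked.
func (o *Object) Admit(id ID, sig []byte) bool {
	if !ed25519.Verify(o.k, id[:], sig) {
		return false
	}
	o.acl[id] = true
	return true
}

// Result collects what each step of the demo returned.
type Result struct {
	A, GBefore, APatched, GAfter string
	Forged, Admitted             bool
}

// Demo runs the Fig. 4a and Fig. 4b flows over constructed program images.
func Demo() Result {
	tcb := &TCB{images: map[string][]byte{
		"A":         []byte("image of object A, build 1"),
		"A-patched": []byte("image of object A, build 1\x90"), // one byte appended
		"G":         []byte("image of object G, build 1"),
	}}
	k, kInv, err := ed25519.GenerateKey(rand.Reader) // developer's k and k^-1
	if err != nil {
		panic(err)
	}
	_, otherInv, err := ed25519.GenerateKey(rand.Reader) // unrelated signer
	if err != nil {
		panic(err)
	}
	idA := ID(sha256.Sum256(tcb.images["A"]))
	idG := ID(sha256.Sum256(tcb.images["G"]))
	f := &Object{
		self: sha256.Sum256([]byte("image of object F, build 1")),
		acl:  map[ID]bool{idA: true}, // static setup: entry for A only
		k:    k,
		data: map[string]string{"n1": "d1", "n2": "d2"},
	}
	var r Result
	_, r.A = f.Read(tcb.Send("A", "n1"))                // on the list: granted
	_, r.GBefore = f.Read(tcb.Send("G", "n2"))          // not on the list: null
	_, r.APatched = f.Read(tcb.Send("A-patched", "n1")) // altered image, new ID
	r.Forged = f.Admit(idG, ed25519.Sign(otherInv, idG[:]))
	r.Admitted = f.Admit(idG, ed25519.Sign(kInv, idG[:]))
	_, r.GAfter = f.Read(tcb.Send("G", "n2")) // granted after the signed update
	return r
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

The patched image of A is refused because its identifier no longer matches the list entry, which also means every legitimate update of a program needs a fresh signed identifier before it is trusted again.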



One can use this very fact to set up arbitrarily complicated trust relationships using a 
helper application. 

Fig. 5 shows a schematic illustration of an embodiment using a helper application, that
here is object C again, to set up mutual trust (MT) relationship between object A and
object G. Both objects A, G have the public key k and their own specific access control
list, as indicated below the objects A, G, respectively. Using object C as the helper
application, object C delivers k⁻¹ H(G) with its program-specific identifier H(C) to
object A, which verifies the validity of the signature and adds the program-specific
identifier H(G) to its access control list. On the other hand, object C delivers k⁻¹ H(A)
with its program-specific identifier H(C) to object G, which verifies the validity of the
signature and adds the program-specific identifier H(A) to its access control list. For
further communication, object A can contact directly object G and vice versa, because
now they know and trust each other, as indicated by the dotted line between box A and

The scheme described with reference to Fig. 5 is not the same as traditional code
signing, which requires an intractable hierarchy of keys, certificates, developer
registration, and so forth. The scheme does not use code signing to determine system
privileges but rather uses signatures as credentials in a developer software coterie.

CH9-2000-0012

An example of where this might be useful is if a bank has several payment schemes
which wish to share a common key. The individual components can be updated
independently.

The following embodiment describes the design of a payment system using digital
signatures using the access control mechanism based on cryptographic functions. This
system is designed to be used through WAP without depending upon the security of
WAP itself. Several steps are indicated in the following.



Global Setup

The initial setup for a bank is not too intrusive, since the bank need not contact the
creators of the device, i.e. manufacturer of the PDA or computer.

1. The bank generates a public key/private key pair to sign individual users' keys. This
key pair is denoted as mk/mk^{-1}. This could be the bank's master key or some derivative
thereof.

2. The bank generates a public key/private key pair to identify membership in the bank's
suite of applications. This key pair is denoted as ak/ak^{-1}.

3. The bank writes a signing program S that comprises the public keys mk and ak.

4. Moreover, the bank writes a display program D, such as described with reference to
Fig. 3. It accepts as a sample description of that which is to be signed, e.g. payee,
amount, date, and description. The display program D then locks the physical display
device and displays afterwards the necessary information to the user. If the user agrees,
the display program D releases the lock and the terms will be passed to a signing
program S, such as mentioned with reference to Fig. 3.
5. The bank computes ka^{-1}H(D) and places this in a helper or registration program C,
as shown with reference to Fig. 5.

Individual Setup

It is assumed that the bank wishes to generate and distribute keys for the user.



1. For each user U, the bank generates a key pair uk/uk^{-1} and an application CU
carrying the signed key pair mk^{-1}(uk/uk^{-1}).

2. The bank provides to the user U the display program D, the signing program S, the
registration program C, and the application CU. Only the application CU depends on
the user U and is the only component requiring secrecy. The bank may wish to split the
secret in some way.

3. Then, the user U installs the applications mentioned in the step above and the system
automatically sets up four new security domains corresponding to the respective
program-specific identifiers H(D), H(S), H(C), and H(CU).

4. The user U executes application CU which sends to the signing program S a message
including mk^{-1}(uk/uk^{-1}). The signing program S verifies that uk/uk^{-1} is a valid user
key using the key mk. The application CU then calls the registration program C and
deletes itself, because it has no more purposes. The registration program C sends to the
signing program S a message including ka^{-1}H(D). Next, the signing program S uses ka
to verify whether the display program D is a trusted application. Hence, the signing
program S trusts the display program D.



When an application or program, such as the WAP browser, wishes to generate a signature,
it passes the text or document to the display program D for display and approval. If the
user U approves, the request is passed on to the signing program S, which then signs it.
The signing program S knows that the request reflects the user's desires because it
display program D. The signature is eventually returned to the

If the bank wishes to generate a new application N, e.g. for home banking, trusted by
the signing program S, then they only generate a helper application C* carrying ka^{-1}

Smartcard 



If the bank wishes to use a smartcard to protect the private portion of the user's key
pair, then the Individual Setup can be varied as follows.



1. For each user U_s, the bank generates a key pair uk/uk^{-1} and puts it on the smartcard.
This key pair uk/uk^{-1} can be signed with the bank's master key mk^{-1}(uk/uk^{-1}).

2. The bank provides to the user U_s at least the display program D and the registration
program C.

3. Then, the user U_s installs the applications mentioned in the step above and the
system automatically sets up two new security domains corresponding to the respective
program-specific identifiers, which are H(D) and H(C).



4. The user U_s executes the registration program C which sends the smartcard a
message including ka^{-1}H(D). The smartcard uses ka to verify that the display program
D is a trusted application and henceforth trusts the display program D.

When the display program D sends a request to the smartcard, the request is delivered
along with the program-specific identifier H(D) of the display program D.

Any disclosed embodiment may be combined with one or several of the other
embodiments shown and/or described. This is also possible for one or more features of
the embodiments.
The present invention can be realized in hardware, software, or a combination of
hardware and software. Any kind of computer system - or other apparatus adapted for
carrying out the methods described herein - is suited. A typical combination of
hardware and software could be a general purpose computer system with a computer
program that, when being loaded and executed, controls the computer system such that
it carries out the methods described herein. The present invention can also be
embedded in a computer program product, which comprises all the features enabling
the implementation of the methods described herein, and which - when loaded in a
computer system - is able to carry out these methods.



Computer program means or computer program in the present context mean any
expression, in any language, code or notation, of a set of instructions intended to cause
a system having an information processing capability to perform a particular function
either directly or after either or both of the following: a) conversion to another
language, code or notation; b) reproduction in a different material form.
CLAIMS

1. A method for verifying the identity of a message-originator program (D) by a
message-receiver program (S), the method comprising the steps of:

- receiving from said message-originator program (D) a message comprising a
program-specific identifier (H(D)), which has been provided for said
message-originator program (D) by means of a trusted computing base (TCB);
and

- verifying whether said received program-specific identifier (H(D)) is known to
said message-receiver program (S).

2. A method for disclosing the identity of a message-originator program (D) to a
message-receiver program (S), the method comprising:

- sending from said message-originator program (D) to said message-receiver
program (S) a message comprising a program-specific identifier (H(D)), which
has been provided for said message-originator program (D) by means of a
trusted computing base (TCB), said program-specific identifier (H(D)) being
verifiable at said message-receiver program (S) whether it is known to said
message-receiver program (S).

3. A method for verifying the identity of a message-originator program (D) by a
message-receiver program (S), the method comprising the steps of:

- providing a program-specific identifier (H(D)) for said message-originator
program (D) by means of a trusted computing base (TCB);

- sending from said message-originator program (D) to said message-receiver
program (S) a message comprising said program-specific identifier (H(D));

- receiving at said message-receiver program (S) said message; and

- verifying whether said received program-specific identifier (H(D)) is known to
said message-receiver program (S).
4. Method according to one of claims 1 to 3, wherein the message-receiver
program (S) afterwards becomes a response-message-originator program and
sends a response-message to the message-originator program (D) comprising:

- a response-program-specific identifier (H(S)), which has been provided for
said response-message-originator program by means of the trusted computing
base (TCB); and

- an acknowledgment if the program-specific identifier (H(D)) has been verified
as being known.



5. Method according to one of claims 1 to 3, wherein a substantially unique
cryptographic identifier that is derived by applying a cryptographic function (H) to
the message-originator program (D), preferably a hash function, and more
preferably a one-way-hash function, such as MD5 or SHA-1, is used as the
program-specific identifier.



6. Method according to one of claims 1 to 3, further comprising the step of signing
the program-specific identifier (H(D)) and/or the message by use of a private
cryptographic key (k^{-1}) to establish trust between different programs.

7. Method according to claim 6, wherein the message further comprises an additional
program-specific identifier (H(G)) that is signed by use of the private
cryptographic key (k^{-1}) to establish a membership of an additional program in a
trust relationship.

8. Method according to one of claims 1 to 3, wherein the message-receiver
program (S) has a public cryptographic key (k).

9. Method according to one of claims 1 to 3, wherein the message-receiver
program (S) and/or the trusted computing base (TCB) use(s) a list comprising
pre-stored program-specific identifiers and wherein said message-receiver
program (S) verifies whether the program-specific identifier (H(D)) is identical to
one of said pre-stored program-specific identifiers.



10. Method according to one of claims 1 to 3, wherein the message-receiver
program (S) sends a rejection-message if the program-specific identifier (H(D)) is
not verified as being known.

11. Method according to one of claims 1 to 3, wherein the message-originator program
(D) and the message-receiver program (S) are executed on different systems and
are connectable via a network, each having its trusted computing base (TCB) for
providing program-specific cryptographic identifiers.

12. A computer program comprising program code means for performing the steps of
any one of the claims 1 to 11 when said program is run on a computer.

13. A computer program product comprising program code means stored on a
computer readable medium for performing the method of any one of the claims 1
to 11 when said program product is run on a computer.



14. An apparatus for verifying the identity of a message-originator program (D) by a
message-receiver program (S) on a computer, the apparatus comprising:

- computing means;

- a receiver-module for receiving from said message-originator program (D) a
message comprising a program-specific identifier (H(D)), which has been
provided for said message-originator program (D) by means of a trusted
computing base (TCB); and

- a verifier-module that verifies whether said program-specific identifier (H(D))
is known to said message-receiver program (S).
15. An apparatus for disclosing the identity of a message-originator program (D) by a
message-receiver program (S) on a computer, the apparatus comprising:

- computing means;

- a trusted computing base (TCB) comprising a generator-module for creating a
program-specific identifier (H(D)); and

- a sender-module for sending from said message-originator program (D) a
message comprising said program-specific identifier (H(D)), said
program-specific identifier (H(D)) being verifiable at said message-receiver
program (S) whether it is known to said message-receiver program (S).
ABSTRACT

The invention provides a general and flexible mechanism for a secure access control on
a computer. Cryptographic checksums are applied for the identification of a program to
another program. These cryptographic checksums are generated automatically for the
programs. Each program has its program-specific identifier which can be regarded as a
substantially unique value or name. Such a program-specific identifier can be used to
verify the validity of a program to another program. Mutual trust relationships
between different programs can therewith be set up easily.